
IT Strategy 1st Edition James McKeen - Test Bank


 

Instant Download – Complete Test Bank With Answers

 

 

Sample Questions Are Posted Below

 

IT Strategy in Action (McKeen/Smith)

 

Chapter 5

 

IT in the New World of Corporate Governance Reforms

 

1)

 

The act designed to protect stockholders, employees, and consumers from inaccurate or misleading financial reports is called the:

 

  1. A)

 

2001 Patriot Act

 

  1. B)

 

1934 Securities and Exchange Act

 

  1. C)

 

2002 Sarbanes-Oxley Act

 

  1. D)

 

2004 REVISED Securities and Exchange Act

 

Answer:

 

C

 

Page Ref: 58

 

Skill:

 

Easy

 

AACSB:

 

Ethical Reasoning

 

2)

 

Recent legislation makes CEOs and CFOs explicitly responsible for establishing, evaluating, and monitoring the effectiveness of internal controls over financial reporting and disclosure.

 

Answer:

 

TRUE

 

Page Ref: 58

 

Skill:

 

Easy

 

AACSB:

 

Ethical Reasoning

 

3)

 

Only publicly traded companies in the United States are subject to rules of financial disclosure.

 

Answer:

 

FALSE

 

Page Ref: 58

 

Skill:

 

Hard

 

AACSB:

 

Ethical Reasoning

 

4)

 

All organizations are increasingly subject to a growing number of legal acts, regulations, and ethical expectations.

 

Answer:

 

TRUE

 

Page Ref: 58

 

Skill:

 

Easy

 

AACSB:

 

Ethical Reasoning

 

5)

 

Prior to 2002, IT has been heavily affected by regulatory matters.

 

Answer:

 

TRUE

 

Page Ref: 58

 

Skill:

 

Moderate

 

AACSB:

 

Use of IT

 

6)

 

In the past, most organizations designed their record-keeping systems as they wished with no real regard for regulatory issues.

 

Answer:

 

TRUE

 

Page Ref: 58

 

Skill:

 

Moderate

 

AACSB:

 

Use of IT

 

7)

 

New standards for internal controls have significant implications for how IT is managed and for IT costs and productivity.

 

Answer:

 

TRUE

 

Page Ref: 58

 

Skill:

 

Easy

 

AACSB:

 

Use of IT

 

8)

 

Since organizations are more dependent on automated information and processes, their IT infrastructures are also more vulnerable to security threats.

 

Answer:

 

TRUE

 

Page Ref: 59

 

Skill:

 

Easy

 

AACSB:

 

Use of IT

 

9)

 

SOX requires external auditors to independently attest to the effectiveness of internal financial controls, negating the need for an annual evaluation of internal controls and procedures for financial reporting.

 

Answer:

 

FALSE

 

Page Ref: 60

 

Skill:

 

Hard

 

AACSB:

 

Ethical Reasoning

 

10)

 

The Security and Exchange Act mandates an annual evaluation of internal controls and procedures for financial reporting.

 

Answer:

 

FALSE

 

Page Ref: 60

 

Skill:

 

Moderate

 

AACSB:

 

Ethical Reasoning

 

11)

 

Different regulations affect business units differently, but all regulations have an impact on IT.

 

Answer:

 

TRUE

 

Page Ref: 61

 

Skill:

 

Moderate

 

AACSB:

 

Use of IT

 

12)

 

As regulations become more numerous and complex, organizations are finding that only IT-based controls are effective in ensuring compliance.

 

Answer:

 

TRUE

 

Page Ref: 61

 

Skill:

 

Moderate

 

AACSB:

 

Use of IT

 

13)

 

Compliance with regulations involves huge costs for IT, but the costs are more than just monetary.

 

Answer:

 

TRUE

 

Page Ref: 61

 

Skill:

 

Moderate

 

AACSB:

 

Use of IT

 

14)

 

Because of SOX’s emphasis on control documentation, the technical skills required of IT staff are more important than written skills for complying with SOX requirements.

 

Answer:

 

FALSE

 

Page Ref: 61

 

Skill:

 

Moderate

 

AACSB:

 

Use of IT

 

15)

 

Surveys show that most firms have overestimated the costs of SOX compliance but the majority of those surveyed planned to increase their compliance budgets in the future.

 

Answer:

 

FALSE

 

Page Ref: 61

 

Skill:

 

Hard

 

AACSB:

 

Use of IT

 

16)

 

It is the job of a company’s internal auditors to determine if its controls are “reasonable.”

 

Answer:

 

FALSE

 

Page Ref: 60

 

Skill:

 

Hard

 

AACSB:

 

Use of IT

 

17)

 

Protection of systems and data is the biggest concern for IT but not necessarily other units of a business.

 

Answer:

 

FALSE

 

Page Ref: 63

 

Skill:

 

Moderate

 

AACSB:

 

Use of IT

 

18)

 

Compliance with the many new regulations imposed on organizations has led to significant IT costs.

 

Answer:

 

TRUE

 

Page Ref: 60

 

Skill:

 

Easy

 

AACSB:

 

Use of IT

 

19)

 

Surveys show that most firms have underestimated the costs of SOX compliance.

 

Answer:

 

TRUE

 

Page Ref: 61

 

Skill:

 

Easy

 

AACSB:

 

Use of IT

 

20)

 

Legislators and other regulatory bodies are not very aware of the impact electronic information and systems can have on organizations and the public.

 

Answer:

 

FALSE

 

Page Ref: 59

 

Skill:

 

Easy

 

AACSB:

 

Ethical Reasoning

 

21)

 

Companies doing business with the European Union are not required to respect strict EU privacy standards since their systems operate in the United States.

 

Answer:

 

FALSE

 

Page Ref: 59

 

Skill:

 

Moderate

 

AACSB:

 

Use of IT

 

22)

 

Transporting sensitive personal information across organizational and national boundaries could:

 

  1. A)

 

produce inaccurate or invalid information that could mislead auditors.

 

  1. B)

 

produce inaccurate or invalid information that could mislead tax officials and inspectors.

 

  1. C)

 

create a sense of distrust among the public.

 

  1. D)

 

create a sense of distrust among investors.

 

  1. E)

 

All of the above

 

Answer:

 

E

 

Page Ref: 59

 

Skill:

 

Moderate

 

AACSB:

 

Ethical Reasoning

 

23)

 

Industry-specific legislation issues that IT faces include:

 

  1. A)

 

software standards.

 

  1. B)

 

homeland security.

 

  1. C)

 

access to persons with disabilities.

 

  1. D)

 

Both B and C

 

  1. E)

 

Both A and B

 

Answer:

 

D

 

Page Ref: 60

 

Skill:

 

Hard

 

AACSB:

 

Use of IT

 

24)

 

The single most challenging regulation that IT faces is:

 

  1. A)

 

capital management.

 

  1. B)

 

homeland security.

 

  1. C)

 

access to persons with disabilities.

 

  1. D)

 

the Sarbanes-Oxley Act.

 

  1. E)

 

the impact on the environment.

 

Answer:

 

D

 

Page Ref: 60

 

Skill:

 

Moderate

 

AACSB:

 

Use of IT

 

25)

 

SOX requires all of the following EXCEPT:

 

  1. A)

 

the CEO and CFO to personally certify internal financial controls.

 

  1. B)

 

internal auditors to personally certify internal financial controls.

 

  1. C)

 

external auditors to independently attest to the effectiveness of internal financial controls.

 

  1. D)

 

financial controls designed to achieve control objectives using established criteria.

 

  1. E)

 

financial control objectives and related controls are appropriately documented.

 

Answer:

 

B

 

Page Ref: 60

 

Skill:

 

Hard

 

AACSB:

 

Ethical Reasoning

 

26)

 

The Sarbanes-Oxley Act strongly recommends that companies follow a framework for internal controls known as:

 

  1. A)

 

Committee of Sponsoring Organizations of the Treadway Commission

 

  1. B)

 

Control Objectives for Information and related Technology

 

  1. C)

 

Information Technology Control Guidelines

 

  1. D)

 

National Institute of Standards and Technology

 

Answer:

 

A

 

Page Ref: 60

 

Skill:

 

Hard

 

AACSB:

 

Use of IT

 

27)

 

U.S. companies have found that they spent more than ________ on IT investments to meet SOX requirements.

 

  1. A)

 

$1 billion

 

  1. B)

 

$2 billion

 

  1. C)

 

$3 billion

 

  1. D)

 

$5 billion

 

  1. E)

 

$5.5 billion

 

Answer:

 

A

 

Page Ref: 61

 

Skill:

 

Hard

 

AACSB:

 

Use of IT

 

28)

 

Two particularly challenging aspects of SOX and privacy legislation are:

 

  1. A)

 

the segregation of duties and technical documentation of controls.

 

  1. B)

 

the segregation of duties and restrictions on who has access to data.

 

  1. C)

 

the written documentation of controls and restrictions on who has access to data.

 

  1. D)

 

the written documentation of controls and segregation of duties.

 

  1. E)

 

the technical documentation of controls and who has access to the data.

 

Answer:

 

B

 

Page Ref: 62

 

Skill:

 

Hard

 

AACSB:

 

Use of IT

 

29)

 

IT management issues associated with SOX compliance include:

 

  1. A)

 

increased costs, operational challenges and new opportunities.

 

  1. B)

 

unforeseen benefits, new opportunities, and operational challenges.

 

  1. C)

 

competitive advantage, increased costs and new opportunities.

 

  1. D)

 

increased costs, operational challenges, new opportunities, and unforeseen benefits.

 

Answer:

 

D

 

Page Ref: 62

 

Skill:

 

Hard

 

AACSB:

 

Use of IT

 

30)

 

Some of the benefits of a properly implemented internal control program include:

 

  1. A)

 

increased costs, operational challenges, new opportunities, and unforeseen benefits.

 

  1. B)

 

improved overall IT governance and enhanced understanding of IT by senior executives.

 

  1. C)

 

effective written documentation of controls and segregation of duties.

 

  1. D)

 

Both A and C.

 

  1. E)

 

All of the above.

 

Answer:

 

B

 

Page Ref: 63

 

Skill:

 

Hard

 

AACSB:

 

Use of IT

 

31)

 

________ is the structure of relationships and processes that enable the enterprise to direct and control IT in order to achieve enterprise goals while balancing risk versus return.

 

  1. A)

 

Business continuity planning

 

  1. B)

 

IT Governance

 

  1. C)

 

Security architecture

 

  1. D)

 

Physical and virtual access

 

  1. E)

 

IT strategic planning

 

Answer:

 

B

 

Page Ref: 64

 

Skill:

 

Hard

 

AACSB:

 

Use of IT

 

32)

 

To reduce risk, organizations need a planned, integrated, and evolving set of practices for dealing with threats called ________.

 

  1. A)

 

Business continuity planning

 

  1. B)

 

Disaster recovery

 

  1. C)

 

Security architecture

 

  1. D)

 

Physical and virtual access

 

  1. E)

 

IT strategic planning

 

Answer:

 

C

 

Page Ref: 64

 

Skill:

 

Moderate

 

AACSB:

 

Use of IT

 

33)

 

In practice, ________ refers to the structure, roles, procedures, and internal and external relationships that ensure that IT is well managed and can provide the necessary information to run the organization.

 

  1. A)

 

Business continuity planning

 

  1. B)

 

IT Governance

 

  1. C)

 

Security architecture

 

  1. D)

 

Physical and virtual access

 

  1. E)

 

IT strategic planning

 

Answer:

 

B

 

Page Ref: 64

 

Skill:

 

Hard

 

AACSB:

 

Use of IT

 

34)

 

Which of the following IT elements addresses the work that is done to develop or acquire new applications?

 

  1. A)

 

IT strategic planning, risk assessment, project management.

 

  1. B)

 

Information architecture, access to data, data administration.

 

  1. C)

 

IT strategic planning, competitive advantage, increased costs.

 

  1. D)

 

Risk assessment, new opportunities, IT strategic planning.

 

  1. E)

 

Competitive advantage, risk assessment, project management.

 

Answer:

 

A

 

Page Ref: 65

 

Skill:

 

Hard

 

AACSB:

 

Use of IT

 

35)

 

Which of the following IT elements addresses all data and information produced and/or stored by IT?

 

  1. A)

 

IT strategic planning, risk assessment, project management.

 

  1. B)

 

Information architecture, access to data, data administration.

 

  1. C)

 

IT strategic planning, competitive advantage, increased costs.

 

  1. D)

 

Risk assessment, new opportunities, IT strategic planning.

 

  1. E)

 

Competitive advantage, risk assessment, project management.

 

Answer:

 

B

 

Page Ref: 65

 

Skill:

 

Moderate

 

AACSB:

 

Use of IT

 

36)

 

Which of the following IT elements ensure that all work done in IT is properly completed, meets all control standards, and can be demonstrated to do so with reasonable assurance?

 

  1. A)

 

IT strategic planning, risk assessment, project management.

 

  1. B)

 

Information architecture, access to data, data administration.

 

  1. C)

 

Testing and validation, documentation management, and quality assurance.

 

  1. D)

 

Risk assessment, new opportunities, IT strategic planning.

 

  1. E)

 

Competitive advantage, risk assessment, project management.

 

Answer:

 

C

 

Page Ref: 66

 

Skill:

 

Easy

 

AACSB:

 

Use of IT

 

37)

 

Which of the following areas is one of the most important areas of control?

 

  1. A)

 

Testing and validation

 

  1. B)

 

Documentation management

 

  1. C)

 

Quality assurance

 

  1. D)

 

Information architecture and data administration

 

Answer:

 

A

 

Page Ref: 67

 

Skill:

 

Moderate

 

AACSB:

 

Use of IT

 

38)

 

________ is/are the front line of business support and often are the first to identify problems and risks with systems, operations, and information.

 

  1. A)

 

Operations and infrastructure support

 

  1. B)

 

Help desks

 

  1. C)

 

IT governance

 

  1. D)

 

IT strategic plans

 

  1. E)

 

Training and awareness

 

Answer:

 

B

 

Page Ref: 66

 

Skill:

 

Easy

 

AACSB:

 

Use of IT

 

39)

 

________ is essential to ensure that all staff understand their responsibilities in complying with regulations.

 

  1. A)

 

Operations and infrastructure support

 

  1. B)

 

Help desks

 

  1. C)

 

IT governance

 

  1. D)

 

IT strategic plans

 

  1. E)

 

Training and awareness

 

Answer:

 

E

 

Page Ref: 68

 

Skill:

 

Moderate

 

AACSB:

 

Use of IT

 

40)

 

________ oversees existing hardware, software, and networks and ensures ongoing operations, as well as those that make needed changes and deal with problems as they occur.

 

  1. A)

 

Operations and infrastructure support

 

  1. B)

 

Help desks

 

  1. C)

 

IT governance

 

  1. D)

 

IT strategic plans

 

  1. E)

 

Training and awareness

 

Answer:

 

A

 

Page Ref: 66

 

Skill:

 

Moderate

 

AACSB:

 

Use of IT

 

41)

 

What is a framework? Name and describe the control framework used to comply with SOX requirements.

 

Answer:

 

Frameworks provide areas of focus for financial controls to monitor. Frameworks also provide a basic skeleton on which to build controls; the amount of control that is appropriate depends on the size and complexity of the organization.

 

The SOX act recommends that companies follow a framework for internal controls known as COSO (Committee of Sponsoring Organizations of the Treadway Commission), developed in 1985. To assist IT in implementing these controls, in 1998 the IT Governance Institute developed its own Control Objectives for Information and related Technology (COBIT). COBIT is the primary IT control framework companies are using to provide the “reasonable assurances” required by SOX.

 

Page Ref: 61

 

Skill:

 

Hard

 

AACSB:

 

Use of IT

 

42)

 

List and describe the two areas of IT most impacted by SOX legislation.

 

Answer:

 

Costs and challenges. Compliance involves huge costs for IT. However, these involve much more than just money. New regulations generally mean that IT takes an enormous productivity hit because new procedures for compliance are a huge distraction and an enormous drain of staff resources. Work on systems enhancements often has to be stopped to document existing controls. The increased rigor required also adds to new project costs and lengthens systems development schedules. Small IT projects are no longer cost effective, and manual processes are sometimes more attractive than automated ones. SOX compliance emphasizes documentation.

 

Benefits and opportunities. Increased focus on controls for systems and information will eventually lead to benefits for the organization.  Companies that see compliance from a purely tactical perspective will likely not see the value of increased controls. However, regulation is often a chance to streamline and revamp business processes and IT governance. Companies can benefit by redirecting their focus from compliance as a necessary evil to compliance as a competitive advantage. Improved controls and processes will lead to improved quality, simpler audits, and easier learning.

 

Page Ref: 61

 

Skill:

 

Moderate

 

AACSB:

 

Use of IT

 

43)

 

What are the two most challenging aspects of SOX and privacy legislation compliance?

 

Answer:

 

Two particularly challenging aspects of SOX and privacy legislation are the segregation of duties and restrictions on who has access to data. The first requires that a person who makes a purchase or develops a system should not be the same person who accepts the purchase or the system. The second relates to who can view and change data. Both require substantial analysis of systems, personnel, and data to identify who should be doing what.

 

Page Ref: 62

 

Skill:

 

Moderate

 

AACSB:

 

Use of IT

 

44)

 

List and describe the (3) IT elements that run existing hardware, software, and networks and ensure ongoing operations, as well as those that make needed changes and deal with problems as they occur.

 

Answer:

 

Operations and infrastructure support. Operations staff need training in their regulatory responsibilities just as much as other IT staff. Often companies need to look more closely at how they identify and allocate costs in this area, what metrics are collected and reported, how third-party services are managed, and how problems and incidents are addressed at the root cause.

 

Help desk. Help desks are the front line of business support. As such, they are often the first to identify problems and risks with systems, operations, and information. At one company, help desk staff must take twenty modules of training about the regulations applying to their work and how they are expected to respond to a wide variety of circumstances. Help desk training and documentation for each new system is also an essential control process and should be considered part of every new initiative.

 

Change management. Controlling how enhancements are made and implemented to existing systems has become extremely important to prevent major system disruptions. Processes to ensure the proper testing and validation of changes and integration with other operational systems create much extra work but can also save significant headaches. Segregation of duties is especially important to ensure that all control procedures have been properly followed.

 

Page Ref: 66

 

Skill:

 

Moderate

 

AACSB:

 

Use of IT

 

45)

 

List and describe the (3) elements of daily IT operations that ensure ongoing operations. Indicate whether or not any of these areas are impacted by regulatory changes.

 

Answer:

 

Operations and infrastructure support. Operations staff need training in their regulatory responsibilities just as much as other IT staff. Often companies need to look more closely at how they identify and allocate costs in this area, what metrics are collected and reported, how third-party services are managed, and how problems and incidents are addressed at the root cause.

 

Help desk. Help desks are the front line of business support and often are the first to identify problems and risks with systems, operations, and information. Help desk training and documentation for each new system is also an essential control process and should be considered part of every new initiative.

 

Change management. Controlling how enhancements are made and implemented to existing systems has become extremely important to prevent major system disruptions. Processes to ensure the proper testing and validation of changes and integration with other operational systems create much extra work but can also save significant headaches. Segregation of duties is especially important to ensure that all control procedures have been properly followed.

 

Page Ref: 67

 

Skill:

 

Moderate

 

AACSB:

 

Use of IT

 

46)

 

Can morale issues develop among IT staff when IT must comply with SOX regulations? Why or why not?

 

Answer:

 

There is a significant morale impact on IT staff. Most staff do not like shifting goals, and often do not look favorably on the intense oversight required for SOX compliance. Regulation compliance can lead to policy and procedure change within IT that may unreasonably raise the expectations of IT by the organization. Staff need to understand the motivation for regulatory compliance and not mistake the introduction of controls as mistrust by the organization. Morale issues can be enhanced by frustration when staff cannot get the answers they need from their firm or external auditors. It is often difficult to determine what compliance means or entails. A common problem at all levels of IT is that, because auditors don’t truly understand how to interpret the legislation themselves, they are not able to provide clear guidance about what should be done.

 

Page Ref: 62

 

Skill:

 

Moderate

 

AACSB:

 

Use of IT

 

47)

 

List and describe the basic requirements of the Sarbanes-Oxley Act.

 

Answer:

 

The CEO and CFO personally certify internal financial controls.

External auditors independently attest to the effectiveness of internal financial controls.

Financial controls designed to achieve control objectives using established criteria.

Financial control objectives and related controls are appropriately documented.

An annual evaluation of internal controls and procedures for financial reporting.

 

Page Ref: 60

 

Skill:

 

Moderate

 

AACSB:

 

Ethical Reasoning

 

48)

 

When properly implemented, what are some of the benefits of a strong internal control program to an organization?

 

Answer:

 

Improved overall IT governance

Enhanced understanding of IT by senior executives

Better business decisions based on more accurate information

Improved IT alignment with the business

Reduced risk of system security breaches

Reduced difficulty complying with new regulations

More efficient and effective operations

An integrated approach to security

Enhanced risk management competencies

 

Page Ref: 63

 

Skill:

 

Moderate

 

AACSB:

 

Use of IT

 

49)

 

List and describe (3) key IT elements affected by regulation. Which is the most critical? Why?

 

Answer:

 

Security architecture. Protection of systems and data is of rapidly escalating concern to organizations in our networked world and the most critical element affected by regulation. Increasing information privacy requirements present the biggest risk to an organization. Today’s hardware, software, and data are more and more vulnerable to threats. To address this risk, organizations need a planned, integrated, and evolving set of practices for dealing with these threats, rather than the patchwork approach that has developed in too many companies.

 

Physical and virtual access. Most organizations already have some physical and virtual access controls, but these now need to be extended to all office areas and buildings, workstations, and company data and better integrated with each other. Procedures for granting and denying access need to be streamlined to dynamically and immediately enable new staff to be added, departing staff removed, and role-based access provided.

 

IT governance. Governance is the structure of relationships and processes that enable the enterprise to direct and control IT in order to achieve enterprise goals while balancing risk versus return. In practice, this refers to the structure, roles, procedures, and internal and external relationships that ensure that IT is well managed and can provide the necessary information to run the organization.

 

HR management and training. Along with new controls and needed capabilities come new roles and competencies to be filled and developed. A significant amount of compliance awareness training must also be developed and provided to all IT staff to ensure they truly understand the nature and importance of their responsibilities in this area.

 

IT finance. IT is a large and growing part of the enterprise’s budget. Many SOX regulations around segregation of duties, risk assessment, and quality affect how IT budgets are spent. IT managers must put processes in place to ensure that IT funds are spent wisely and are properly monitored.

 

Page Ref: 63

 

Skill:

 

Hard

 

AACSB:

 

Use of IT

 

50)

 

Why are new and increasingly complex privacy controls and security legislation such a challenge for IT?

 

Answer:

 

In the past, systems were developed after regulations affecting a business. Furthermore, these regulations affected smaller if not isolated areas of IT work. Recent legislation not only affects IT systems, but also how they work together and the handling of the data used in these systems. As a result, privacy controls and security legislation have a broader impact on work than previously – even beyond the organization itself. Organizations are not only more dependent on automated information and processes, but through networking, are also increasingly vulnerable to security threats. Systems interruptions have a much larger ripple effect than in the past and can disrupt business process easily.

 

The global nature of systems and business in other countries also has an effect on companies. Companies doing business with the European Union, for example, must respect strict EU privacy standards even if their systems operate in the United States.

 

Legislators and other regulatory bodies are increasingly aware of the impact electronic information and systems can have on organizations and the public. IT now has a huge effect on business practices, and systems provide the bulk of financial reporting data. Sensitive personal information can be easily transported across organizational and national boundaries, and produce inaccurate or invalid information that could mislead auditors, tax officials, inspectors, and the public, creating a sense of distrust among investors.

 

Page Ref: 59

 

Skill:

 

Moderate

 

AACSB:

 

Use of IT
